Antivirus programs cannot be installed
#0
16.05.2007, 20:40
Member
Posts: 20

16.05.2007, 20:57
Member
Posts: 3716
#2
Hi, install HijackThis in c:\programme\hijackthis, rename hijackthis.exe to hjt.exe, scan again, and post the log.
Post the ComboFix log: http://virus-protect.org/artikel/tools/combofix.html
Download filelist.zip, unpack it on the desktop, click filelist.bat, and post the last 30 days from each folder: http://members.linzag.net/680262/filelist.zip

17.05.2007, 01:39
Member
Thread starter Posts: 20
#3
Hi, I hope I did everything right:
hjt-log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
F:\Programme\Filesharing\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
E:\Programme\Music & Video\DAEMON Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE
F:\Programme\Filesharing\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ArcorOnline\Arcor.exe
E:\Programme\Music & Video\Winamp\winamp.exe
E:\Programme\Miranda IM\miranda32.exe
E:\Programme\Firefox\firefox.exe
E:\Programme\ICQLite\ICQ.exe
C:\WINDOWS\SYSTEM32\cmd.exe
C:\Programme\hijackthis\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.arcor.de
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Programme\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programme\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - E:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programme\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programme\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Programme\Music & Video\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKCU\..\Run: [NetLimiter 2 Client] F:\Programme\Filesharing\NetLimiter 2 Pro\NLClient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - e:\programme\icq621_12_53\icqlite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - e:\programme\icq621_12_53\icqlite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Programme\ICQLite\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Programme\ICQLite\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164041367875
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C30E035-616F-477D-8B42-D2BDB5E7BB73}: NameServer = 195.50.140.178 195.50.140.114
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NetLimiter (nlsvc) - Locktime Software - F:\Programme\Filesharing\NetLimiter 2 Pro\nlsvc.exe

filelist-log:

and here is the ComboFix log:

2007-05-17 1:32:08 Service Pack 2
ComboFix 07-05.17.V - Running from: "D:\Downloads\"

((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-17 ))))))))))))))))))))))))))))))))))

2007-05-16 20:12 5 --ahs---- C:\WINDOWS\system32\cfaab2_g.dll
2007-05-16 20:11 <DIR> d-------- C:\DOKUME~1\DIEHLM~1\ANWEND~1\Lavasoft
2007-05-16 19:24 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-05-16 19:24 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-05-15 22:41 48,824 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-05-15 22:41 108,728 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-05-15 22:40 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared
2007-05-15 21:22 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Symantec
2007-05-15 19:48 <DIR> d-------- C:\Programme\ArcorOnline
2007-05-15 17:43 <DIR> d--h----- C:\DOKUME~1\DIEHLM~1\ANWEND~1\hidires
2007-05-12 16:13 <DIR> d-------- C:\DOKUME~1\DIEHLM~1\ANWEND~1\ClickOff
2007-05-12 16:11 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\ClickOff
2007-05-12 01:06 187,880 --------- C:\WINDOWS\system32\hldrrr.exe
2007-05-12 01:06 <DIR> d-------- C:\WINDOWS\exefld
2007-05-11 19:01 40,960 --a------ C:\WINDOWS\system32\SSubTmr.dll
2007-05-11 19:01 29,696 --a------ C:\WINDOWS\system32\Hackman1.dll
2007-05-11 19:01 113,664 --a------ C:\WINDOWS\system32\APIGID32.DLL
2007-05-11 19:00 299,520 --a------ C:\WINDOWS\uninst.exe
2007-05-10 19:37 66,592 --a------ C:\WINDOWS\unTMV.exe
2007-05-10 16:52 <DIR> d-------- C:\DOKUME~1\DIEHLM~1\ANWEND~1\PE Explorer
2007-05-10 16:47 801,312 --a------ C:\WINDOWS\system\Owl50f.dll
2007-05-10 16:47 77,856 --a------ C:\WINDOWS\system\Bids50f.dll
2007-05-10 16:47 229,376 --a------ C:\WINDOWS\system\Cw3220.dll
2007-05-10 16:45 302,592 --a------ C:\WINDOWS\unin0407.exe
2007-05-05 12:29 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-05-04 16:01 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-05-04 16:01 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-04-21 16:27 <DIR> d-------- C:\DOKUME~1\DIEHLM~1\ANWEND~1\ICQ
2007-04-19 16:43 <DIR> d-------- C:\DOKUME~1\DIEHLM~1\ANWEND~1\WinRAR

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-16 17:34:45 74,996 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-05-16 17:34:45 415,470 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-05-15 18:23:14 -------- d--h--w C:\Programme\InstallShield Installation Information
2007-05-11 13:24:30 -------- d-----w C:\DOKUME~1\DIEHLM~1\ANWEND~1\LimeWire
2007-05-11 12:57:46 -------- d-----w C:\DOKUME~1\DIEHLM~1\ANWEND~1\Help
2007-05-10 15:10:16 -------- d-----w C:\DOKUME~1\DIEHLM~1\ANWEND~1\Azureus
2007-05-09 21:31:46 -------- d-----w C:\DOKUME~1\DIEHLM~1\ANWEND~1\AdobeUM
2007-05-05 22:50:12 -------- d-----w C:\DOKUME~1\DIEHLM~1\ANWEND~1\Hamachi
2007-04-13 23:39:39 26,056 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-04-01 07:52:49 -------- d-----w C:\Programme\Coolstreaming_Tool-Bar_v1.0
2007-03-29 11:23:14 -------- d-----w C:\DOKUME~1\DIEHLM~1\ANWEND~1\ICQ Toolbar
2007-03-28 21:35:27 -------- d-----w C:\DOKUME~1\DIEHLM~1\ANWEND~1\ChessBase
2007-03-24 22:36:48 8,103 ----a-w C:\WINDOWS\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2007-03-24 22:36:21 2,338,168 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2007-03-24 22:34:39 -------- d-----w C:\DOKUME~1\DIEHLM~1\ANWEND~1\AccurateRip
2007-03-24 22:25:08 3,021 ----a-w C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
2007-03-24 22:22:14 13,074 ----a-w C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2007-03-24 22:17:24 36,734 ----a-w C:\WINDOWS\system32\OggDSuninst.exe
2007-03-21 21:44:09 -------- d-----w C:\Programme\Everest Poker
2007-03-20 22:52:38 -------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-03-17 13:44:25 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-15 16:33:54 -------- d-----w C:\Programme\Gemeinsame Dateien\PokerStars.net
2007-03-10 16:47:47 16,840 ----a-w C:\DOKUME~1\DIEHLM~1\ANWEND~1\GDIPFONTCACHEV1.DAT
2007-03-08 15:36:30 579,072 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:30 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:30 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:32:24 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-06 14:35:00 -------- d-----w C:\Programme\MSN Messenger
2007-02-11 08:52:14 1,851 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-02-11 08:52:13 47,988 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2007-02-08 18:52:09 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-02-05 20:18:44 185,856 ----a-w C:\WINDOWS\system32\upnphost.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{055FD26D-3A88-4e15-963D-DC8493744B1D}=E:\Programme\ICQToolbar\toolbaru.dll [2006-10-10 11:18]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programme\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 04:23]
{bd0e4d83-654e-4213-965b-fcbe887061f4}=C:\Programme\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll [2007-04-14 02:18]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="E:\Programme\Music & Video\DAEMON Tools\daemon.exe" [2006-09-14 22:09]
"SoundMan"="SOUNDMAN.EXE" []
"ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 12:12]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetLimiter 2 Client"="F:\Programme\Filesharing\NetLimiter 2 Pro\NLClient.exe" [2006-09-13 22:50]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"msnmsgr"="C:\Programme\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55]
"hldrrr"="C:\WINDOWS\system32\hldrrr.exe" [2004-09-24 10:02]
"drvsyskit"="C:\Dokumente und Einstellungen\Diehlmann\Anwendungsdaten\hidires\hidr.exe" [2007-05-17 00:28]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0
Security Packages kerberos msv1_0 schannel wdigest
Notification Packages scecli

[color=red]SafeBoot registry key needs to be repaired. This machine cannot enter Safe Mode.[/color]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^G DATA Firewall Tray.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\G DATA Firewall Tray.lnk
backup=C:\WINDOWS\pss\G DATA Firewall Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Diehlmann^Startmenü^Programme^Autostart^Adobe Gamma.lnk]
path=C:\Dokumente und Einstellungen\Diehlmann\Startmenü\Programme\Autostart\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Diehlmann^Startmenü^Programme^Autostart^hamachi.lnk]
path=C:\Dokumente und Einstellungen\Diehlmann\Startmenü\Programme\Autostart\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Arcor Online]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVKTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copy Handler]
E:\Programme\copyhandler\ch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
"E:\Programme\ICQLite\ICQ.exe" silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"E:\Programme\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Programme\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Programme\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Programme\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"E:\Programme\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
e:\Programme\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCANINICIO]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Programme\Java\jre1.5.0_11\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
E:\Programme\Music & Video\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GDFwSvc"=dword:00000003
"AVKWCtl"=dword:00000002
"AVKService"=dword:00000002
"AVKProxy"=dword:00000002

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HTTPFilter HTTPFilter
LocalService Alerter WebClient LmHosts RemoteRegistry upnphost SSDPSRV
NetworkService DnsCache
DcomLaunch DcomLaunch TermService
rpcss RpcSs
imgsvc StiSvc
termsvcs TermService

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
UxTuneUp

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f025df5-775e-11db-941d-d4e0d493f656}]
Shell\AutoRun\command H:\CDSTART.EXE

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{555a156d-7720-11db-ac11-806d6172696f}]
Shell\AutoRun\command G:\arcor.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83f20430-d31d-11db-94fa-001731171b57}]
Shell\AutoRun\command I:\setupSNK.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95c9ef0e-9387-11db-9489-001731171b57}]
Shell\AutoRun\command I:\Setup.exe

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-17 01:35:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

********************************************************************

Completion time: 2007-05-17 1:35:44 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-17 01:35

--- E O F ---
17.05.2007, 12:51
Member
Posts: 3716
#4
You have TR/Bagle. http://www.avira.com/de/Thread/section/fulldetails/id_vir/2695/tr_bagle.dp.html
C:\WINDOWS\system32\cfaab2_g.dll
C:\WINDOWS\system32\SSubTmr.dll
Upload these files at http://virusscan.Jotti.org/de/: simply enter the path in the field and click send, or click browse, locate the file, and click send. Post the results with the table header and additional information.

17.05.2007, 14:09
Member
Thread starter Posts: 20
#5
Here are the scans:
Datei: cfaab2_g.dll
Status: EVENTUELL INFIZIERT/MALWARE (Es ist verdächtig, dass die Sandbox-Emulation lange dauerte und/oder die Datei gepackt war. Normalerweise sind Programme nicht gepackt und zwingen die Sandbox nicht zu einer langwierigen Emulation. Beachten Sie, dass kein Scanner eine Warnung gegeben hat, d.h. die Datei kann sehr wohl harmlos sein. Wir raten allerdings zur Vorsicht.)
Entdeckte Packprogramme: -
A-Squared Keine Viren gefunden
AntiVir Keine Viren gefunden
ArcaVir Keine Viren gefunden
Avast Keine Viren gefunden
AVG Antivirus Keine Viren gefunden
BitDefender Keine Viren gefunden
ClamAV Keine Viren gefunden
Dr.Web Keine Viren gefunden
F-Prot Antivirus Keine Viren gefunden
F-Secure Anti-Virus Keine Viren gefunden
Fortinet Keine Viren gefunden
Kaspersky Anti-Virus Keine Viren gefunden
NOD32 Keine Viren gefunden
Norman Virus Control Keine Viren gefunden
Panda Antivirus Keine Viren gefunden
Rising Antivirus Keine Viren gefunden
VirusBuster Keine Viren gefunden
VBA32 Keine Viren gefunden

Datei: SSubTmr.dll
Status: OK
Entdeckte Packprogramme: -
A-Squared Keine Viren gefunden
AntiVir Keine Viren gefunden
ArcaVir Keine Viren gefunden
Avast Keine Viren gefunden
AVG Antivirus Keine Viren gefunden
BitDefender Keine Viren gefunden
ClamAV Keine Viren gefunden
Dr.Web Keine Viren gefunden
F-Prot Antivirus Keine Viren gefunden
F-Secure Anti-Virus Keine Viren gefunden
Fortinet Keine Viren gefunden
Kaspersky Anti-Virus Keine Viren gefunden
NOD32 Keine Viren gefunden
Norman Virus Control Keine Viren gefunden
Panda Antivirus Keine Viren gefunden
Rising Antivirus Keine Viren gefunden
VirusBuster Keine Viren gefunden
VBA32 Keine Viren gefunden

17.05.2007, 14:14
Member
Posts: 3716
#6
Sorry, wrong site. Could you please upload the two files again here, to be on the safe side?
http://www.virustotal.com/en/indexf.html

17.05.2007, 14:49
Member
Thread starter Posts: 20
#7
kein problem,
C:\WINDOWS\system32\cfaab2_g.dll: Antivirus Version Update Result AhnLab-V3 2007.5.16.1 05.17.2007 no virus found AntiVir 7.4.0.23 05.17.2007 no virus found Authentium 4.93.8 05.16.2007 no virus found Avast 4.7.997.0 05.17.2007 no virus found AVG 7.5.0.467 05.16.2007 no virus found BitDefender 7.2 05.17.2007 no virus found CAT-QuickHeal 9.00 05.17.2007 no virus found ClamAV devel-20070416 05.16.2007 no virus found DrWeb 4.33 05.17.2007 no virus found eSafe 7.0.15.0 05.17.2007 no virus found eTrust-Vet 30.7.3639 05.17.2007 no virus found Ewido 4.0 05.17.2007 no virus found FileAdvisor 1 05.17.2007 no virus found Fortinet 2.85.0.0 05.17.2007 no virus found F-Prot 4.3.2.48 05.16.2007 no virus found F-Secure 6.70.13030.0 05.17.2007 no virus found Ikarus T3.1.1.7 05.17.2007 no virus found Kaspersky 4.0.2.24 05.17.2007 no virus found McAfee 5032 05.16.2007 no virus found Microsoft 1.2503 05.17.2007 no virus found NOD32v2 2273 05.17.2007 no virus found Norman 5.80.02 05.17.2007 no virus found Panda 9.0.0.4 05.17.2007 no virus found Aditional Information File size: 5 bytes MD5: cf3dcba1617ed9ecba8eda6fa71ca7c6 SHA1: d3029d95e24c1c1ef12c95ae8c344126815797f2 C:\WINDOWS\system32\SSubTmr.dll: Antivirus Version Update Result AhnLab-V3 2007.5.16.1 05.17.2007 no virus found AntiVir 7.4.0.23 05.17.2007 no virus found Authentium 4.93.8 05.16.2007 no virus found Avast 4.7.997.0 05.17.2007 no virus found AVG 7.5.0.467 05.16.2007 no virus found BitDefender 7.2 05.17.2007 no virus found CAT-QuickHeal 9.00 05.17.2007 no virus found ClamAV devel-20070416 05.16.2007 no virus found DrWeb 4.33 05.17.2007 no virus found eSafe 7.0.15.0 05.17.2007 no virus found eTrust-Vet 30.7.3639 05.17.2007 no virus found Ewido 4.0 05.17.2007 no virus found FileAdvisor 1 05.17.2007 No Thread detected Fortinet 2.85.0.0 05.17.2007 no virus found F-Prot 4.3.2.48 05.16.2007 no virus found F-Secure 6.70.13030.0 05.17.2007 no virus found Ikarus T3.1.1.7 05.17.2007 no virus found Kaspersky 4.0.2.24 05.17.2007 no 
virus found McAfee 5032 05.16.2007 no virus found Microsoft 1.2503 05.17.2007 no virus found NOD32v2 2273 05.17.2007 no virus found Norman 5.80.02 05.17.2007 no virus found Panda 9.0.0.4 05.17.2007 no virus found Aditional Information File size: 40960 bytes MD5: 1556c5b52a751c31b4ca6fe757704131 SHA1: a04263b37b69a5a53eaccc6d30dda61b2808224a Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=1556c5b52a751c31b4ca6fe757704131 |
|
|
||
17.05.2007, 15:19
Member
Posts: 3716 |
#8
Hi, please run all of these rootkit scans.
http://www.hijackthis-forum.de/showthread.php?t=20219
Please disconnect from the internet for this: cable out, Wi-Fi off. Close all running programs!
As a new antivirus program I would recommend Avira AntiVir. See this test: http://www.av-comparatives.org/
The address is www.avira.com. Please download the latest setup from there. If you want to spend money, you should buy the Premium edition. But download the Classic edition first. Don't install it yet; it probably won't do any good for now anyway. Also, you should stay off the internet unless it is necessary. |
|
|
||
20.05.2007, 15:04
Member
Thread starter Posts: 20 |
||
|
||
20.05.2007, 15:19
Member
Posts: 3716 |
#10
Those weren't all of the rootkit scans... please run all of them.
|
|
|
||
20.05.2007, 15:25
Member
Thread starter Posts: 20 |
#11
I ran all the ones listed here: http://www.hijackthis-forum.de/showthread.php?t=20219
Only AVG Anti-Rootkit did not produce a log file, see attachment. Attachment: 1.csv
|
|
|
||
21.05.2007, 10:15
Honorary member
Posts: 6028 |
#12
@Karlheinzon
Close all windows and start HijackThis.
Click: Scan
Put a check mark in the box in front of the following entry:
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOKUME~1\DIEHLM~1\LOKALE~1\Temp\IXP000.TMP\"
Click: Fix checked
Delete the Temporary Internet Files under Internet Options. Use Traxex for this: http://www.almisoft.de/?cont=traxex
Your Java software is out of date; download jre-6-windows-i586.exe.
Scroll down to "Java Runtime Environment (JRE) 6u1 The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
Click "Download".
Put a check mark next to "Accept License Agreement".
Click "Windows Offline Installation, Multi-language" to save "jre-6-windows-i586.exe" to the desktop.
Close all programs, including your web browser.
Go to "Start -> Settings -> Control Panel -> Add or Remove Programs" and remove all older versions of Java Runtime Environment (JRE or J2SE).
After everything has been removed, restart the computer.
Now install "jre-6-windows-i586.exe" from the desktop.
__________
Kind regards, Argus |
|
|
||
23.05.2007, 02:59
Member
Thread starter Posts: 20 |
#13
The entry "O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOKUME~1\DIEHLM~1\LOKALE~1\Temp\IXP000.TMP\"" is no longer there?!?
This is the current HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 02:58:33, on 23.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
F:\Programme\Filesharing\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
F:\Programme\Filesharing\NetLimiter 2 Pro\NLClient.exe
E:\Programme\Music & Video\DAEMON Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
F:\Programme\Filesharing\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
E:\Programme\Miranda IM\miranda32.exe
C:\Programme\ArcorOnline\Arcor.exe
E:\Programme\Firefox\firefox.exe
C:\Programme\hijackthis\hjt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.arcor.de
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Programme\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programme\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - E:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programme\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programme\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Programme\Music & Video\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKCU\..\Run: [NetLimiter 2 Client] F:\Programme\Filesharing\NetLimiter 2 Pro\NLClient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: TraXEx 3.1.lnk = C:\Programme\TraXEx\TraXEx.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: IE-Spuren löschen - {6C7C0C9A-B51D-4ADB-A74D-C4E33744F866} - C:\Programme\TraXEx\Integration\TraXEx 3.1 Internet Explorer.lnk
O9 - Extra button: Löschautomat - {8DA7743F-9274-4BE8-899E-C0FF6ED61B00} - C:\Programme\TraXEx\Integration\TraXEx 3.1 Löschautomat.lnk
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - e:\programme\icq621_12_53\icqlite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - e:\programme\icq621_12_53\icqlite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Programme\ICQLite\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Programme\ICQLite\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164041367875
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C30E035-616F-477D-8B42-D2BDB5E7BB73}: NameServer = 195.50.140.178 195.50.140.114
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GQP - Sysinternals - www.sysinternals.com - C:\DOKUME~1\DIEHLM~1\LOKALE~1\Temp\GQP.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: L - Sysinternals - www.sysinternals.com - C:\DOKUME~1\DIEHLM~1\LOKALE~1\Temp\L.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NetLimiter (nlsvc) - Locktime Software - F:\Programme\Filesharing\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: WO - Sysinternals - www.sysinternals.com - C:\DOKUME~1\DIEHLM~1\LOKALE~1\Temp\WO.exe |
|
|
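Which entries appeared or disappeared between two HijackThis scans, such as the RunOnce entry discussed in #12 and #13, can be checked mechanically instead of by eye. The following is an added example and not part of any post in this thread; the names `parse_entries` and `diff_logs` are made up for it, and the two inputs are shortened excerpts of the first log and the log of 23.05.2007 posted here. A difference only shows that an entry changed, not whether it is harmful.

```python
import re

# A HijackThis entry line has the form "<section code> - <details>",
# e.g. "O4 - HKLM\..\Run: ...". Header lines and the paths listed under
# "Running processes" do not match this pattern and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Shortened excerpt of the first log in this thread.
BEFORE = r"""Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOKUME~1\DIEHLM~1\LOKALE~1\Temp\IXP000.TMP\"
O23 - Service: NetLimiter (nlsvc) - Locktime Software - F:\Programme\Filesharing\NetLimiter 2 Pro\nlsvc.exe
"""

# Shortened excerpt of the log saved on 23.05.2007.
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - Global Startup: TraXEx 3.1.lnk = C:\Programme\TraXEx\TraXEx.exe
O23 - Service: GQP - Sysinternals - www.sysinternals.com - C:\DOKUME~1\DIEHLM~1\LOKALE~1\Temp\GQP.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - F:\Programme\Filesharing\NetLimiter 2 Pro\nlsvc.exe
"""


def parse_entries(log_text):
    """Return the set of (section code, details) entries found in a log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def _order(entry):
    # Sort by section letter, then numerically (O4 before O23), then by text.
    code, details = entry
    return (code[0], int(code[1:]), details)


def diff_logs(before, after):
    """Return (removed, added): entries only in the old log, only in the new log."""
    old, new = parse_entries(before), parse_entries(after)
    return sorted(old - new, key=_order), sorted(new - old, key=_order)


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for code, details in removed:
        print(f"- {code} - {details}")
    for code, details in added:
        print(f"+ {code} - {details}")
```
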
||
23.05.2007, 12:53
Honorary member
Posts: 6028 |
#14
Make hidden files visible:
Tools > Folder Options > the "View" tab > Hidden files and folders > enable "Show hidden files and folders"
and
Tools > Folder Options > the "View" tab > Files and Folders > disable "Hide protected operating system files (Recommended)".
Check the following at Jotti (http://virusscan.Jotti.org/):
C:\WINDOWS\system32\hldrrr.exe
Alternatively: VirusTotal, or stand-alone: Dr.WEB
__________
Kind regards, Argus |
|
|
||
23.05.2007, 15:59
Member
Thread starter Posts: 20 |
#15
Bullseye!
File "hldrrr.exe" received on 05.23.2007 at 15:49:37 (CET) is being scanned by VirusTotal in this moment. Results will be shown as they're generated.
Antivirus Version Update Result
AhnLab-V3 2007.5.23.1 05.23.2007 no virus found
AntiVir 7.4.0.27 05.23.2007 TR/Crypt.XPACK.Gen
Authentium 4.93.8 05.23.2007 W32/Downloader2.DXB
Avast 4.7.997.0 05.22.2007 Win32:Beagle-UO
AVG 7.5.0.467 05.22.2007 Downloader.Generic4.ITL
BitDefender 7.2 05.23.2007 Win32.Bagle.PF@mm
CAT-QuickHeal 9.00 05.23.2007 (Suspicious) - DNAScan
ClamAV devel-20070416 05.23.2007 Trojan.Downloader-6715
DrWeb 4.33 05.23.2007 Win32.HLLM.Beagle
eSafe 7.0.15.0 05.21.2007 Suspicious Trojan/Worm
eTrust-Vet 30.7.3655 05.23.2007 Win32/Glieder.FI
Ewido 4.0 05.23.2007 no virus found
FileAdvisor 1 05.23.2007 no virus found
Fortinet 2.85.0.0 05.23.2007 W32/Bagle.BU!tr.dldr
F-Prot 4.3.2.48 05.23.2007 W32/Downloader2.DXB
Aditional Information
File size: 187880 bytes
MD5: 627ecdf4a9b0aa7c6d3114b712b1995c
SHA1: 01487ac1b2dd9c46e6495564dfadc4f3d0039cba
How do I sweep it off now? |
|
|
||
A few days ago my security suite (Panda) kept crashing, and I decided to install a new one.
I tried Norton first. Strangely, the installation could not be completed successfully. Hmm, well, I'll just try another one...
Then I wanted to install BitDefender Internet Security; that didn't work either. Error message: "Fehler beim Schreiben der Datei: ...\Gemeinsame Dateien\Softwin\Bitdefender Scan Server\bdss.exe Stellen sie sicher, ob Sie auf den ordner zugreifen können."
The folder is write-protected, but that can't be changed.
Here is my log:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
F:\Programme\Filesharing\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
E:\Programme\Music & Video\DAEMON Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE
F:\Programme\Filesharing\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programme\ArcorOnline\Arcor.exe
E:\Programme\Firefox\firefox.exe
F:\-==[Appz]==-\Perfekter Vierenschutz\Bitdefender Internet Security 10.247\Setup.exe
C:\DOKUME~1\DIEHLM~1\LOKALE~1\Temp\IXP000.TMP\Setup.Exe
C:\DOKUME~1\DIEHLM~1\LOKALE~1\Temp\Rar$EX00.032\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.arcor.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Programme\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programme\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - E:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programme\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programme\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Programme\Music & Video\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOKUME~1\DIEHLM~1\LOKALE~1\Temp\IXP000.TMP\"
O4 - HKCU\..\Run: [NetLimiter 2 Client] F:\Programme\Filesharing\NetLimiter 2 Pro\NLClient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - e:\programme\icq621_12_53\icqlite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - e:\programme\icq621_12_53\icqlite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Programme\ICQLite\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Programme\ICQLite\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164041367875
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C30E035-616F-477D-8B42-D2BDB5E7BB73}: NameServer = 195.50.140.178 195.50.140.114
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NetLimiter (nlsvc) - Locktime Software - F:\Programme\Filesharing\NetLimiter 2 Pro\nlsvc.exe
Thanks in advance for your efforts